Software Development Security Flashcards

1
Q

Adware

A

Software to generate ads that installs itself on your computer when you download some other (usually free) program from the web.

2
Q

Aggregation

A

A relation, such as CONSISTS OF or CONTAINS, between types that defines the composition of a type from other types.

3
Q

Application Programming Interface (API)

A

A set of calling conventions defining how a service is invoked through a software package.

4
Q

Botnets

A

A network of infected zombie computers controlled by a botherder. Botnets range in size from just a handful of infected computers to hundreds of thousands or millions. Also known as botherd.

5
Q

Buffer overflow

A

An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of violation of memory safety.

6
Q

Cookie poisoning (manipulation)

A

Attacks involving the modification of the contents of a cookie in order to bypass security mechanisms.

7
Q

Covert channel

A

A channel of communication within a computer system, or network, that is not designed or intended to transfer information.

8
Q

Cross Site Request Forgeries (CSRF)

A

A type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

9
Q

Cross-Site Scripting (XSS)

A

A type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

10
Q

Dangling pointer

A

A pointer that does not point to a valid object of the appropriate type.

11
Q

Data hiding

A

A software development technique specifically used in object-oriented programming (OOP) to hide internal object details (data members). Data hiding ensures exclusive data access to class members and protects object integrity by preventing unintended or intended changes.

12
Q

Denial of Service (DoS)

A

The unauthorized prevention of authorized access to resources or the delaying of time-critical operations.

13
Q

Distributed Denial of Service (DDoS)

A

Multiple computers flooding a Web site with so many requests for service that it slows down or crashes.

14
Q

Fast flux botnets

A

A DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

15
Q

Garbage collection

A

A language mechanism that automatically deallocates memory for objects that are not accessible or referenced.

16
Q

HTTP Response Splitting

A

A form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.

17
Q

Keystroke logging

A

The action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

18
Q

Open source

A

A philosophy that promotes free redistribution and access to an end product’s design and implementation details.

19
Q

Pharming

A

An attack intended to redirect a website’s traffic to another, bogus site.

20
Q

Phishing

A

The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

21
Q

Race condition

A

A type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events.

22
Q

Remote Access Trojans (RATs)

A

A malware program that includes a back door for administrative control over the target computer.

23
Q

Rootkits

A

A stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

24
Q

Social engineering

A

The art of manipulating people into performing actions or divulging confidential information.

25
Q

SPAM

A

The use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.

26
Q

Spear phishing

A

Phishing attempts directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success.

27
Q

SQL injection

A

A technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. dump the database contents to the attacker).

28
Q

URL manipulation

A

By manipulating certain parts of a URL, a hacker can get a web server to deliver web pages he is not supposed to have access to.

29
Q

Web applets

A

Provide interactive features to web applications that cannot be provided by HTML alone. They can capture mouse input and also have controls like buttons or check boxes. In response to the user action an applet can change the provided graphic content.